Changes in Kconfig

9520a2b3 - kbuild: Require pahole v1.29 with GENDWARFKSYMS on X86

Mon, 07 Apr 2025 23:08:44 +0000

kbuild: Require pahole v1.29 with GENDWARFKSYMS on X86With CONFIG_GENDWARFKSYMS, __gendwarfksyms_ptr variables areadded to the kernel in EXPORT_SYMBOL() to ensure DWARF typeinformation is available for exported symbols in the TUs wherethey're actually exported. These symbols are dropped when linkingvmlinux, but dangling references to them remain in DWARF.With CONFIG_DEBUG_INFO_BTF enabled on X86, pahole versions aftercommit 47dcb534e253 ("btf_encoder: Stop indexing symbols forVARs") and before commit 9810758003ce ("btf_encoder: Verify 0address DWARF variables are in ELF section") place these symbolsin the .data..percpu section, which results in an "Invalidoffset" error in btf_datasec_check_meta() during boot, as allthe variables are at zero offset and have non-zero size. IfCONFIG_DEBUG_INFO_BTF_MODULES is enabled, this also results in afailure to load modules with: failed to validate module [$module] BTF: -22As the issue occurs in pahole v1.28 and the fix was mergedafter v1.29 was released, require pahole v1.29 whenGENDWARFKSYMS is enabled with DEBUG_INFO_BTF on X86.Reported-by: Paolo Pisati Signed-off-by: Sami Tolvanen Signed-off-by: Masahiro Yamada List of files: /linux-6.15/kernel/module/Kconfig

f3b93547 - module: sign with sha512 instead of sha1 by default

Wed, 16 Oct 2024 14:18:41 +0000

module: sign with sha512 instead of sha1 by defaultSwitch away from using sha1 for module signing by default and use themore modern sha512 instead, which is what among others Arch, Fedora,RHEL, and Ubuntu are currently using for their kernels.Sha1 has not been considered secure against well-funded opponents since2005[1]; since 2011 the NIST and other organizations furthermorerecommended its replacement[2]. This is why OpenSSL on RHEL9, FedoraLinux 41+[3], and likely some other current and future distributionsreject the creation of sha1 signatures, which leads to a build error ofallmodconfig configurations: 80A20474797F0000:error:03000098:digital envelope routines:do_sigver_init:invalid digest:crypto/evp/m_sigver.c:342: make[4]: *** [.../certs/Makefile:53: certs/signing_key.pem] Error 1 make[4]: *** Deleting file 'certs/signing_key.pem' make[4]: *** Waiting for unfinished jobs.... make[3]: *** [.../scripts/Makefile.build:478: certs] Error 2 make[2]: *** [.../Makefile:1936: .] Error 2 make[1]: *** [.../Makefile:224: __sub-make] Error 2 make[1]: Leaving directory '...' make: *** [Makefile:224: __sub-make] Error 2This change makes allmodconfig work again and sets a default that ismore appropriate for current and future users, too.Link: https://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html [1]Link: https://csrc.nist.gov/projects/hash-functions [2]Link: https://fedoraproject.org/wiki/Changes/OpenSSLDistrustsha1SigVer [3]Signed-off-by: Thorsten Leemhuis Reviewed-by: Sami Tolvanen Tested-by: kdevops [0]Link: https://github.com/linux-kdevops/linux-modules-kpd/actions/runs/11420092929/job/31775404330 [0]Link: https://lore.kernel.org/r/52ee32c0c92afc4d3263cea1f8a1cdc809728aff.1729088288.git.linux@leemhuis.infoSigned-off-by: Petr Pavlu List of files: /linux-6.15/kernel/module/Kconfig

e8639b7e - modpost: Allow extended modversions without basic MODVERSIONS

Fri, 03 Jan 2025 17:37:03 +0000

modpost: Allow extended modversions without basic MODVERSIONSIf you know that your kernel modules will only ever be loaded by a newerkernel, you can disable BASIC_MODVERSIONS to save space. This alsoallows easy creation of test modules to see how tooling will respond tomodules that only have the new format.Signed-off-by: Matthew Maurer Signed-off-by: Masahiro Yamada List of files: /linux-6.15/kernel/module/Kconfig

fc7d5e32 - modpost: Produce extended MODVERSIONS information

Fri, 03 Jan 2025 17:37:02 +0000

modpost: Produce extended MODVERSIONS informationGenerate both the existing modversions format and the new extended onewhen running modpost. Presence of this metadata in the final .ko isguarded by CONFIG_EXTENDED_MODVERSIONS.We no longer generate an error on long symbols in modpost ifCONFIG_EXTENDED_MODVERSIONS is set, as they can now be appropriatelyencoded in the extended section. These symbols will be skipped in theprevious encoding. An error will still be generated ifCONFIG_EXTENDED_MODVERSIONS is not set.Reviewed-by: Sami Tolvanen Signed-off-by: Matthew Maurer Signed-off-by: Masahiro Yamada List of files: /linux-6.15/kernel/module/Kconfig

9c3681f9 - kbuild: Add gendwarfksyms as an alternative to genksyms

Fri, 03 Jan 2025 20:45:39 +0000

kbuild: Add gendwarfksyms as an alternative to genksymsWhen MODVERSIONS is enabled, allow selecting gendwarfksyms as theimplementation, but default to genksyms.Signed-off-by: Sami Tolvanen Signed-off-by: Masahiro Yamada List of files: /linux-6.15/kernel/module/Kconfig

f2856884 - tools: Add gendwarfksyms

Fri, 03 Jan 2025 20:45:23 +0000

tools: Add gendwarfksymsAdd a basic DWARF parser, which uses libdw to traverse the debugginginformation in an object file and looks for functions and variables.In follow-up patches, this will be expanded to produce symbol versionsfor CONFIG_MODVERSIONS from DWARF.Signed-off-by: Sami Tolvanen Reviewed-by: Petr Pavlu Signed-off-by: Masahiro Yamada List of files: /linux-6.15/kernel/module/Kconfig

cdd30ebb - module: Convert symbol namespace to string literal

Mon, 02 Dec 2024 14:59:47 +0000

module: Convert symbol namespace to string literalClean up the existing export namespace code along the same lines ofcommit 33def8498fdd ("treewide: Convert macro and uses of __section(foo)to __section("foo")") and for the same reason, it is not desired for thenamespace argument to be a macro expansion itself.Scripted using git grep -l -e MODULE_IMPORT_NS -e EXPORT_SYMBOL_NS | while read file; do awk -i inplace ' /^#define EXPORT_SYMBOL_NS/ { gsub(/__stringify$ns$/, "ns"); print; next; } /^#define MODULE_IMPORT_NS/ { gsub(/__stringify$ns$/, "ns"); print; next; } /MODULE_IMPORT_NS/ { $0 = gensub(/MODULE_IMPORT_NS$([^)]*)$/, "MODULE_IMPORT_NS(\"\\1\")", "g"); } /EXPORT_SYMBOL_NS/ { if ($0 ~ /(EXPORT_SYMBOL_NS[^(]*)$([^,]+),/) { if ($0 !~ /(EXPORT_SYMBOL_NS[^(]*)\(([^,]+), ([^)]+)$/ && $0 !~ /(EXPORT_SYMBOL_NS[^(]*)/ && $0 !~ /^my/) { getline line; gsub(/[[:space:]]*\\$/, ""); gsub(/[[:space:]]/, "", line); $0 = $0 " " line; } $0 = gensub(/(EXPORT_SYMBOL_NS[^(]*)$([^,]+), ([^)]+)$/, "\\1(\\2, \"\\3\")", "g"); } } { print }' $file; doneRequested-by: Masahiro Yamada Signed-off-by: Peter Zijlstra (Intel) Link: https://mail.google.com/mail/u/2/#inbox/FMfcgzQXKWgMmjdFwwdsfgxzKpVHWPlcAcked-by: Greg KH Signed-off-by: Linus Torvalds List of files: /linux-6.15/kernel/module/Kconfig

1f9c4a99 - Kbuild: make MODVERSIONS support depend on not being a compile test build

Wed, 25 Sep 2024 18:08:28 +0000

Kbuild: make MODVERSIONS support depend on not being a compile test buildCurrently the Rust support is gated on not having MODVERSIONS enabled,and as a result an "allmodconfig" build will disable Rust build tests.While MODVERSIONS configurations are worth build testing, the feature isnot actually meaningful unless you run the result, and I'd rather getbuild coverage of Rust than MODVERSIONS. So let's disable MODVERSIONSfor build testing until the Rust side clears up.Signed-off-by: Linus Torvalds List of files: /linux-6.15/kernel/module/Kconfig

f94ce04e - module: Clean up the description of MODULE_SIG_

Mon, 22 Jul 2024 09:06:22 +0000

module: Clean up the description of MODULE_SIG_The MODULE_SIG_ config choice has an inconsistent prompt styled asa question and lengthy option names.Simplify the prompt and option names to be consistent with other moduleoptions.Signed-off-by: Petr Pavlu Signed-off-by: Luis Chamberlain List of files: /linux-6.15/kernel/module/Kconfig

c7ff693f - module: Split modules_install compression and in-kernel decompression

Mon, 22 Jul 2024 09:06:21 +0000

module: Split modules_install compression and in-kernel decompressionThe kernel configuration allows specifying a module compression mode. Ifone is selected then each module gets compressed during'make modules_install' and additionally one can also enable support fora respective direct in-kernel decompression support. This means that thedecompression support cannot be enabled without the automatic compression.Some distributions, such as the (open)SUSE family, use a signer service formodules. A build runs on a worker machine but signing is done by a separatelocked-down server that is in possession of the signing key. The buildinvokes 'make modules_install' to create a modules tree, collectsinformation about the modules, asks the signer service for their signature,appends each signature to the respective module and compresses all modules.When using this arrangment, the 'make modules_install' step producesunsigned+uncompressed modules and the distribution's own build recipe takescare of signing and compression later.The signing support can be currently enabled without automatically signingmodules during 'make modules_install'. However, the in-kernel decompressionsupport can be selected only after first enabling automatic compressionduring this step.To allow only enabling the in-kernel decompression support without theautomatic compression during 'make modules_install', separate thecompression options similarly to the signing options, as follows:> Enable loadable module support[*] Module compression Module compression type (GZIP) --->[*] Automatically compress all modules[ ] Support in-kernel module decompression* "Module compression" (MODULE_COMPRESS) is a new main switch for the compression/decompression support. It replaces MODULE_COMPRESS_NONE.* "Module compression type" (MODULE_COMPRESS_) chooses the compression type, one of GZ, XZ, ZSTD.* "Automatically compress all modules" (MODULE_COMPRESS_ALL) is a new option to enable module compression during 'make modules_install'. It defaults to Y.* "Support in-kernel module decompression" (MODULE_DECOMPRESS) enables in-kernel decompression.Signed-off-by: Petr Pavlu Acked-by: Masahiro Yamada Signed-off-by: Luis Chamberlain List of files: /linux-6.15/kernel/module/Kconfig

12af2b83 - mm: introduce execmem_alloc() and execmem_free()

Sun, 05 May 2024 16:06:18 +0000

mm: introduce execmem_alloc() and execmem_free()module_alloc() is used everywhere as a mean to allocate memory for code.Beside being semantically wrong, this unnecessarily ties all subsystemsthat need to allocate code, such as ftrace, kprobes and BPF to modules andputs the burden of code allocation to the modules code.Several architectures override module_alloc() because of variousconstraints where the executable memory can be located and this causesadditional obstacles for improvements of code allocation.Start splitting code allocation from modules by introducing execmem_alloc()and execmem_free() APIs.Initially, execmem_alloc() is a wrapper for module_alloc() andexecmem_free() is a replacement of module_memfree() to allow updating allcall sites to use the new APIs.Since architectures define different restrictions on placement,permissions, alignment and other parameters for memory that can be used bydifferent subsystems that allocate executable memory, execmem_alloc() takesa type argument, that will be used to identify the calling subsystem and toallow architectures define parameters for ranges suitable for thatsubsystem.No functional changes.Signed-off-by: Mike Rapoport (IBM) Acked-by: Masami Hiramatsu (Google) Acked-by: Song Liu Acked-by: Steven Rostedt (Google) Signed-off-by: Luis Chamberlain List of files: /linux-6.15/kernel/module/Kconfig

8d0b7288 - module: allow UNUSED_KSYMS_WHITELIST to be relative against objtree.

Wed, 10 Apr 2024 19:48:02 +0000

module: allow UNUSED_KSYMS_WHITELIST to be relative against objtree.If UNUSED_KSYMS_WHITELIST is a file generatedbefore Kbuild runs, and the source tree is ina read-only filesystem, the developer must putthe file somewhere and specify an absolutepath to UNUSED_KSYMS_WHITELIST. This worked,but if IKCONFIG=y, an absolute path is embeddedinto .config and eventually into vmlinux, causingthe build to be less reproducible when buildingon a different machine.This patch makes the handling ofUNUSED_KSYMS_WHITELIST to be similar toMODULE_SIG_KEY.First, check if UNUSED_KSYMS_WHITELIST is anabsolute path, just as before this patch. If so,use the path as is.If it is a relative path, use wildcard to checkthe existence of the file below objtree first.If it does not exist, fall back to the originalbehavior of adding $(srctree)/ before the value.After this patch, the developer can put the generatedfile in objtree, then use a relative path againstobjtree in .config, eradicating any absolute pathsthat may be evaluated differently on different machines.Signed-off-by: Yifan Hong Reviewed-by: Elliot Berman Signed-off-by: Luis Chamberlain List of files: /linux-6.15/kernel/module/Kconfig

203a6763 - Revert "crypto: pkcs7 - remove sha1 support"

Wed, 13 Mar 2024 23:32:27 +0000

Revert "crypto: pkcs7 - remove sha1 support"This reverts commit 16ab7cb5825fc3425c16ad2c6e53d827f382d7c6 because itbroke iwd. iwd uses the KEYCTL_PKEY_* UAPIs via its dependency libell,and apparently it is relying on SHA-1 signature support. These UAPIsare fairly obscure, and their documentation does not mention whichalgorithms they support. iwd really should be using a properlysupported userspace crypto library instead. Regardless, since somethingbroke we have to revert the change.It may be possible that some parts of this commit can be reinstatedwithout breaking iwd (e.g. probably the removal of MODULE_SIG_SHA1), butfor now this just does a full revert to get things working again.Reported-by: Karel Balej Closes: https://lore.kernel.org/r/CZSHRUIJ4RKL.34T4EASV5DNJM@matfyz.czCc: Dimitri John Ledkov Signed-off-by: Eric Biggers Tested-by: Karel Balej Signed-off-by: Herbert Xu List of files: /linux-6.15/kernel/module/Kconfig

d2d5cba5 - kbuild: remove EXPERT and !COMPILE_TEST guarding from TRIM_UNUSED_KSYMS

Thu, 15 Feb 2024 14:15:01 +0000

kbuild: remove EXPERT and !COMPILE_TEST guarding from TRIM_UNUSED_KSYMSThis reverts the following two commits: - a555bdd0c58c ("Kbuild: enable TRIM_UNUSED_KSYMS again, with some guarding") - 5cf0fd591f2e ("Kbuild: disable TRIM_UNUSED_KSYMS option")Commit 5e9e95cc9148 ("kbuild: implement CONFIG_TRIM_UNUSED_KSYMS withoutrecursion") solved the build time issue.Signed-off-by: Masahiro Yamada List of files: /linux-6.15/kernel/module/Kconfig

446b1e0b - module: enable automatic module signing with FIPS 202 SHA-3

Sun, 22 Oct 2023 18:22:07 +0000

module: enable automatic module signing with FIPS 202 SHA-3Add Kconfig options to use SHA-3 for kernel module signing. 256 sizefor RSA only, and higher sizes for RSA and NIST P-384.Signed-off-by: Dimitri John Ledkov Signed-off-by: Herbert Xu List of files: /linux-6.15/kernel/module/Kconfig

fc3225fd - module: Do not offer sha224 for built-in module signing

Tue, 10 Oct 2023 21:26:33 +0000

module: Do not offer sha224 for built-in module signingsha224 does not provide enough security against collision attacksrelative to the default keys used for signing (RSA 4k & P-384). Alsosha224 never became popular, as sha256 got widely adopter ahead ofsha224 being introduced.Signed-off-by: Dimitri John Ledkov Signed-off-by: Herbert Xu List of files: /linux-6.15/kernel/module/Kconfig

16ab7cb5 - crypto: pkcs7 - remove sha1 support

Tue, 10 Oct 2023 21:22:38 +0000

crypto: pkcs7 - remove sha1 supportRemoves support for sha1 signed kernel modules, importing sha1 signedx.509 certificates.rsa-pkcs1pad keeps sha1 padding support, which seems to be used byvirtio driver.sha1 remains available as there are many drivers and subsystems usingit. Note only hmac(sha1) with secret keys remains cryptographicallysecure.In the kernel there are filesystems, IMA, tpm/pcr that appear to beusing sha1. Maybe they can all start to be slowly upgraded tosomething else i.e. blake3, ParallelHash, SHAKE256 as needed.Signed-off-by: Dimitri John Ledkov Signed-off-by: Herbert Xu List of files: /linux-6.15/kernel/module/Kconfig

8660484e - module: add debugging auto-load duplicate module support

Fri, 14 Apr 2023 05:28:39 +0000

module: add debugging auto-load duplicate module supportThe finit_module() system call can in the worst case use up to more thantwice of a module's size in virtual memory. Duplicate finit_module()system calls are non fatal, however they unnecessarily strain virtualmemory during bootup and in the worst case can cause a system to failto boot. This is only known to currently be an issue on systems withlarger number of CPUs.To help debug this situation we need to consider the different sources forfinit_module(). Requests from the kernel that rely on module auto-loading,ie, the kernel's *request_module() API, are one source of calls. Althoughmodprobe checks to see if a module is already loaded prior to callingfinit_module() there is a small race possible allowing userspace totrigger multiple modprobe calls racing against modprobe and this notseeing the module yet loaded.This adds debugging support to the kernel module auto-loader (*request_module()calls) to easily detect duplicate module requests. To aid with possible bootupfailure issues incurred by this, it will converge duplicates requests to asingle request. This avoids any possible strain on virtual memory duringbootup which could be incurred by duplicate module autoloading requests.Folks debugging virtual memory abuse on bootup can and should enablethis to see what pr_warn()s come on, to see if module auto-loading is toblame for their wores. If they see duplicates they can further debug thisby enabling the module.enable_dups_trace kernel parameter or by enablingCONFIG_MODULE_DEBUG_AUTOLOAD_DUPS_TRACE.Current evidence seems to point to only a few duplicates for moduleauto-loading. And so the source for other duplicates creating heavyvirtual memory pressure due to larger number of CPUs should becomingfrom another place (likely udev).Signed-off-by: Luis Chamberlain List of files: /linux-6.15/kernel/module/Kconfig

df3e764d - module: add debug stats to help identify memory pressure

Wed, 29 Mar 2023 03:03:19 +0000

module: add debug stats to help identify memory pressureLoading modules with finit_module() can end up using vmalloc(), vmap()and vmalloc() again, for a total of up to 3 separate allocations in theworst case for a single module. We always kernel_read*() the module,that's a vmalloc(). Then vmap() is used for the module decompression,and if so the last read buffer is freed as we use the now decompressedmodule buffer to stuff data into our copy module. The last allocation isspecific to each architectures but pretty much that's generally a seriesof vmalloc() calls or a variation of vmalloc to handle ELF sections withspecial permissions.Evaluation with new stress-ng module support [1] with just 100 opsis proving that you can end up using GiBs of data easily even with allcare we have in the kernel and userspace today in trying to not load moduleswhich are already loaded. 100 ops seems to resemble the sort of pressure asystem with about 400 CPUs can create on module loading. Although issuesrelating to duplicate module requests due to each CPU inucurring a newmodule reuest is silly and some of these are being fixed, we currently lackproper tooling to help diagnose easily what happened, when it happenedand who likely is to blame -- userspace or kernel module autoloading.Provide an initial set of stats which use debugfs to let us easily scrapepost-boot information about failed loads. This sort of information canbe used on production worklaods to try to optimize *avoiding* redundantmemory pressure using finit_module().There's a few examples that can be provided:A 255 vCPU system without the next patch in this series applied:Startup finished in 19.143s (kernel) + 7.078s (userspace) = 26.221sgraphical.target reached after 6.988s in userspaceAnd 13.58 GiB of virtual memory space lost due to failed module loading:root@big ~ # cat /sys/kernel/debug/modules/stats Mods ever loaded 67 Mods failed on kread 0Mods failed on decompress 0 Mods failed on becoming 0 Mods failed on load 1411 Total module size 11464704 Total mod text size 4194304 Failed kread bytes 0 Failed decompress bytes 0 Failed becoming bytes 0 Failed kmod bytes 14588526272 Virtual mem wasted bytes 14588526272 Average mod size 171115 Average mod text size 62602 Average fail load bytes 10339140Duplicate failed modules: module-name How-many-times Reason kvm_intel 249 Load kvm 249 Load irqbypass 8 Load crct10dif_pclmul 128 Load ghash_clmulni_intel 27 Load sha512_ssse3 50 Load sha512_generic 200 Load aesni_intel 249 Load crypto_simd 41 Load cryptd 131 Load evdev 2 Load serio_raw 1 Load virtio_pci 3 Load nvme 3 Load nvme_core 3 Load virtio_pci_legacy_dev 3 Load virtio_pci_modern_dev 3 Load t10_pi 3 Load virtio 3 Load crc32_pclmul 6 Load crc64_rocksoft 3 Load crc32c_intel 40 Load virtio_ring 3 Load crc64 3 LoadThe following screen shot, of a simple 8vcpu 8 GiB KVM guest with thenext patch in this series applied, shows 226.53 MiB are wasted in virtualmemory allocations which due to duplicate module requests during boot.It also shows an average module memory size of 167.10 KiB and an anaverage module .text + .init.text size of 61.13 KiB. The end shows allmodules which were detected as duplicate requests and whether or notthey failed early after just the first kernel_read*() call or late afterwe've already allocated the private space for the module inlayout_and_allocate(). A system with module decompression would revealmore wasted virtual memory space.We should put effort now into identifying the source of these duplicatemodule requests and trimming these down as much possible. Larger systemswill obviously show much more wasted virtual memory allocations.root@kmod ~ # cat /sys/kernel/debug/modules/stats Mods ever loaded 67 Mods failed on kread 0Mods failed on decompress 0 Mods failed on becoming 83 Mods failed on load 16 Total module size 11464704 Total mod text size 4194304 Failed kread bytes 0 Failed decompress bytes 0 Failed becoming bytes 228959096 Failed kmod bytes 8578080 Virtual mem wasted bytes 237537176 Average mod size 171115 Average mod text size 62602 Avg fail becoming bytes 2758544 Average fail load bytes 536130Duplicate failed modules: module-name How-many-times Reason kvm_intel 7 Becoming kvm 7 Becoming irqbypass 6 Becoming & Load crct10dif_pclmul 7 Becoming & Load ghash_clmulni_intel 7 Becoming & Load sha512_ssse3 6 Becoming & Load sha512_generic 7 Becoming & Load aesni_intel 7 Becoming crypto_simd 7 Becoming & Load cryptd 3 Becoming & Load evdev 1 Becoming serio_raw 1 Becoming nvme 3 Becoming nvme_core 3 Becoming t10_pi 3 Becoming virtio_pci 3 Becoming crc32_pclmul 6 Becoming & Load crc64_rocksoft 3 Becoming crc32c_intel 3 Becoming virtio_pci_modern_dev 2 Becoming virtio_pci_legacy_dev 1 Becoming crc64 2 Becoming virtio 2 Becoming virtio_ring 2 Becoming[0] https://github.com/ColinIanKing/stress-ng.git[1] echo 0 > /proc/sys/vm/oom_dump_tasks ./stress-ng --module 100 --module-name xfsSigned-off-by: Luis Chamberlain List of files: /linux-6.15/kernel/module/Kconfig

169a58ad - module/decompress: Support zstd in-kernel decompression

Tue, 06 Dec 2022 21:53:18 +0000

module/decompress: Support zstd in-kernel decompressionAdd support for zstd compressed modules to the in-kernel decompressioncode. This allows zstd compressed modules to be decompressed by thekernel, similar to the existing support for gzip and xz compressedmodules.Cc: Dmitry Torokhov Cc: Piotr Gorski Cc: Nick Terrell Signed-off-by: Stephen Boyd Reviewed-by: Dmitry Torokhov Reviewed-by: Piotr Gorski Signed-off-by: Luis Chamberlain List of files: /linux-6.15/kernel/module/Kconfig